Security Review

Is dui2yh5g50r9s.cloudfront.net legit or a scam?

Our verdict: Dangerous · 25/100

Fake WordPress login redirect hosted on CloudFront with countdown urgency tactic; flagged as scam by independent reviewers with user complaints of mail fraud.

dui2yh5g50r9s.cloudfront.net · Scanned 2h ago
Trust score: 0 · DANGEROUS
Heuristics 77 · MT 18
Category tags: phishing, scam, #Phishing, #Tech Support Scam · 92% MT confidence
Technical red flags (1)

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

Analysis Summary

  • Threat Intelligence: 0/92 · All engines report clean
  • Domain Age: 18 years old · Registered Apr 25, 2008
  • MT Intelligence: Dangerous · Critical likelihood · 92% confidence

DANGEROUS

Critical risk detected

Fake WordPress login redirect hosted on CloudFront with countdown urgency tactic; flagged as scam by independent reviewers with user complaints of mail fraud. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of dui2yh5g50r9s.cloudfront.net

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihood · engine: MT · Guardian · trust: 18/100
MT Agent · Live web research · Visual inspection · Network correlation
Confidence: 0%
The page mimics a legitimate WordPress site login flow but uses a countdown timer (5 seconds) to pressure users into clicking a redirect without reading the destination. The title references 'cool-curie4554.on.getshifter.io' — a temporary hosting subdomain — while the actual domain is a CloudFront distribution, a common pattern for phishing and tech-support scams. Independent review aggregators assigned it a 2/5 trust score and flagged 'strong suspicion of scam'. One user complaint references 'registered mail fraud' (Arnaque au courrier recommandé AR24), suggesting this domain has been used in credential-harvesting or social-engineering campaigns. The page has no contact information, no business registration on the CloudFront domain itself, and no legitimate business purpose. Our antivirus network and browser blocklists remain clean, but the combination of urgency tactics, credential-harvest layout, and confirmed scam reports in independent databases makes this a high-confidence phishing operation.

Page Content

The page displays a fake WordPress login redirect with French-language text ('Connexion sécurisée', 'Patience... Vous allez être redirigé'). A 5-second countdown timer pressures users to click through without reading the destination URL. No contact email, phone, address, or social links are present. The page body references WordPress themes and generic blog navigation, but serves no legitimate function — it is purely a redirect mechanism.

Infrastructure

The domain dui2yh5g50r9s.cloudfront.net is an AWS CloudFront distribution (age ~18 years, but the distribution itself is a generic AWS service endpoint). The page loads content from cool-curie4554.on.getshifter.io, a temporary WordPress hosting subdomain on GetShifter (a legitimate platform). CloudFront distributions are frequently repurposed for phishing and fake-alert campaigns because they inherit AWS's reputation and SSL trust. The SSL certificate is valid and issued by Amazon, which lends false legitimacy.

Domain History

The underlying domain cool-curie4554.on.getshifter.io was registered on 02/09/2016 and expires 16/02/2027 (active status in France). However, the CloudFront distribution endpoint itself is a generic AWS service URL with no meaningful registration history. This mismatch — a legitimate-looking subdomain hosted on a generic CDN endpoint — is a classic phishing pattern.

Web Reputation

Independent review aggregators assigned a 2/5 trust score and flagged 'strong suspicion of scam' ('forte suspicion d'arnaque'). One user complaint references 'registered mail fraud' (Arnaque au courrier recommandé AR24), indicating this domain has been used in credential-harvesting or social-engineering campaigns targeting French-speaking users. Our antivirus network and browser blocklists remain clean, likely because the page is newly deployed or rotated frequently to evade detection.

Risk Factors (7)
  • Countdown timer (5 seconds) creates artificial urgency to bypass user scrutiny — a hallmark of phishing and tech-support scams.
  • Page mimics WordPress login redirect but serves no legitimate function; designed to harvest credentials or redirect to malicious downstream sites.
  • Independent review sites assigned 2/5 trust score and flagged 'strong suspicion of scam'.
  • User complaint references registered-mail fraud scheme, indicating active abuse of this domain.
  • No contact information, business registration, or legitimate business purpose on the CloudFront endpoint.
  • CloudFront distribution endpoint used as hosting — a common tactic to inherit AWS reputation while evading domain-level reputation checks.
  • Subdomain cool-curie4554.on.getshifter.io is a temporary WordPress hosting URL, typical of disposable phishing infrastructure.
Positive Signals (3)
  • SSL certificate is valid and issued by Amazon, providing false legitimacy.
  • Hosting provider GetShifter is a legitimate WordPress platform.
  • Our antivirus network and browser blocklists remain clean (likely due to recent deployment or frequent rotation).
AI Recommendation
Do not enter any credentials or personal information on this page. Close the browser tab immediately and report the URL to your email provider or the French cybercrime authority (PHAROS). If you clicked the redirect, change your password and monitor your accounts for unauthorized access.
Scam network detected
2 linked domains correlated

The page loads external content from cool-curie4554.on.getshifter.io (temporary WordPress subdomain) and ci820343.tw1.ru (Russian domain, high-risk). This pattern suggests a coordinated phishing network using disposable hosting and CDN endpoints to evade detection.

  • cool-curie4554.on.getshifter.io
  • ci820343.tw1.ru

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for dui2yh5g50r9s.cloudfront.net, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

  • Domain age: 18 yrs · Registered Apr 2008
  • Business registration: Active · France. Site traces back to an actively registered business.
  • Clone check: Not a clone. No well-known site's layout or branding detected here.
  • Typosquat check: No look-alike match. The domain doesn't resemble any well-known brand's spelling.
  • Web mentions: 2 scam reports · 1 complaint
Key findings
7 headline facts from open-web research
  • Domain dui2yh5g50r9s.cloudfront.net is an AWS CloudFront distribution (age ~18 years) hosting content for subdomain cool-curie4554.on.getshifter.io
  • Page uses countdown/urgency tactic (5-second redirect to "connexion sécurisée") with minimal content and no meta description, flagged as suspicious
  • verifsites.com analysis (May 2026): score 2/5, "forte suspicion d'arnaque" (strong suspicion of scam), "site peu fiable, prudence à son utilisation" (unreliable site, use with caution)
  • One user review on verifsites.com references "Arnaque au courrier recommandé AR24" (registered mail scam)
  • GetShifter.io is a legitimate WordPress/static site hosting platform; subdomains like *.on.getshifter.io are often used for temporary/dev/test sites
  • CloudFront subdomains frequently host phishing, tech support scams, and fake alerts (per Malwarebytes and multiple reports); not inherently malicious but high-risk when combined with urgency tactics
  • Related GetShifter-hosted pages (e.g. hungry-noyce2292.on.getshifter.io) appear in scanner results alongside low-trust CloudFront domains
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
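  • verifsites.com

    "Attention arnaque cool-curie4554.on.getshifter.io... Forte suspicion d'arnaque... score de confiance est de 2/5 !" (English: "Warning, scam: cool-curie4554.on.getshifter.io... Strong suspicion of scam... trust score is 2/5!")

  • verifsites.com

    "Arnaque au courrier recommandé AR24" (English: "AR24 registered mail scam")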

Business registration
Status: active · France

Domain registered 02/09/2016 at Gandi SAS, expires 16/02/2027; hosted on GetShifter (AWS CloudFront)

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Independent review sites identified this domain as a phishing operation. One report flagged 'strong suspicion of scam' ('forte suspicion d'arnaque') with a 2/5 trust score. A user complaint references 'registered mail fraud' (Arnaque au courrier recommandé AR24), suggesting this domain has been used in credential-harvesting or social-engineering campaigns targeting French-speaking users. The combination of countdown urgency tactics, fake login redirect, and confirmed scam reports in independent databases confirms active malicious use.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0 Malicious · 0 Suspicious · 58 Harmless · 92 Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
  • Emails on site's domain: None
  • Phone numbers: None
  • Postal address: Not listed
  • Linked social profiles: 0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.
  • Countdown timer or 'limited time' urgency pressure detected.
  • Scam family match: Countdown / Urgency.

Domain & Encryption

Domain History
  • Age: 18 years old
  • Registrar: MarkMonitor Inc.
  • Registered: Apr 25, 2008
  • Expires: Apr 25, 2027
  • Owner privacy: Visible
Encryption Certificate
  • Status: Valid
  • Protocol: TLSv1.3
  • Issuer: Amazon · Amazon RSA 2048 M01
  • Expires: Sep 9, 2026 (84d)
  • Self-signed: No
Hosting & Technology
  • Hosting: Amazon.com, Inc.
  • Server location: US
  • Web server: CloudFront
  • Platform / CMS: WordPress

Redirect Chain

Hops: 1 · Cross-domain: No · Lookalike: No · Punycode: No
  • 1 · 301 · http://dui2yh5g50r9s.cloudfront.net/
  • 2 · 200 · https://dui2yh5g50r9s.cloudfront.net/

Server Reputation

Abuse Intelligence
  • Confidence score: 0%
  • Reports on file: 0
  • ISP: Amazon.com, Inc.
  • Usage type: Content Delivery Network

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with dui2yh5g50r9s.cloudfront.net

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.


Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

  • Google Safe Browsing: Not listed
  • VirusTotal: Not listed
  • AbuseIPDB: Not listed

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags dui2yh5g50r9s.cloudfront.net as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — dui2yh5g50r9s.cloudfront.net scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. dui2yh5g50r9s.cloudfront.net presents a valid TLSv1.3 certificate issued by Amazon · Amazon RSA 2048 M01, expiring in 84 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • dui2yh5g50r9s.cloudfront.net is 18.2 years old, registered on 4/25/2008 through MarkMonitor Inc. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report dui2yh5g50r9s.cloudfront.net as clean.
  • No. dui2yh5g50r9s.cloudfront.net is not currently listed on the major browser blocklist feeds that modern browsers use.
  • dui2yh5g50r9s.cloudfront.net resolves to an IP operated by Amazon.com, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 17, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around dui2yh5g50r9s.cloudfront.net have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

Trust: 0 / 100
Final Verdict · dui2yh5g50r9s.cloudfront.net: DANGEROUS

This CloudFront-hosted page impersonates a WordPress login redirect with a fake 5-second countdown timer and minimal contact information. Independent review sites flag it as a scam with a 2/5 trust score, and user reports reference registered-mail fraud schemes.

Do not enter any credentials or personal information on this page. Close the browser tab immediately and report the URL to your email provider or the French cybercrime authority (PHAROS). If you clicked the redirect, change your password and monitor your accounts for unauthorized access.

AV engines: 92 · MT passes: 2 · Net signals: 0
Security review complete · malwaretips.com/url-scan
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.